Skip to content

[WIP] Fix AI Moderator chatgpt.com connection issue due to firewall#27413

Closed
Copilot wants to merge 1 commit intomainfrom
copilot/aw-failures-fix-chatgpt-connection
Closed

[WIP] Fix AI Moderator chatgpt.com connection issue due to firewall#27413
Copilot wants to merge 1 commit intomainfrom
copilot/aw-failures-fix-chatgpt-connection

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 20, 2026

Thanks for asking me to work on this. I will get started on it and keep this PR's description up to date as I form a plan and make progress.

This section details on the original issue you should resolve

<issue_title>[aw-failures] AI Moderator (Codex): chatgpt.com blocked by firewall</issue_title>
<issue_description>### Problem Statement

The AI Moderator workflow running with the Codex engine (v0.121.0) is attempting to make egress connections to chatgpt.com:443, which is blocked by the workflow's network firewall. This causes the agent job to fail silently — the agent starts (1.4 min runtime, 1 MB of stdio logged) but produces 0 parsed turns and the job concludes as failure.

This is a separate failure mode from the OpenAI 401 Unauthorized issue tracked in #27404.

Affected Workflow & Runs

Firewall Evidence

Domain Allowed Blocked
api.openai.com:443 13 0
chatgpt.com:443 0 1
github.com:443 2 0

OpenAI credentials were functional (13 successful API calls). The failure is a network-level block, not an auth issue.

Probable Root Cause

Codex v0.121.0 or a tool it invokes is making an outbound call to chatgpt.com during execution. Possible causes:

  1. A browsing/search tool in the Codex agent's toolbox is calling chatgpt.com for a web lookup
  2. The Codex binary itself contacts chatgpt.com for telemetry, licensing, or a capability check
  3. A prompt or tool call in the workflow inadvertently triggers a chatgpt.com request

Proposed Remediation

  1. Investigate: Read /tmp/gh-aw/aw-mcp/logs/run-24681803841/agent-stdio.log (1 MB) to find which tool or subprocess attempted the chatgpt.com call
  2. If intentional: Add chatgpt.com:443 to the AI Moderator workflow's firewall allowlist
  3. If unintentional: Fix the agent prompt or tool configuration to prevent the call, or upgrade/downgrade Codex to avoid the behavior

Success Criteria

  • AI Moderator (Codex) completes without firewall blocks when triggered by the issues event
  • Either chatgpt.com:443 is added to the allowlist and the call is confirmed intentional, or the call is eliminated from the agent's execution path

Generated by [aw] Failure Investigator (6h) · ● 285.2K ·

  • expires on Apr 27, 2026, 7:18 PM UTC

Comments on the Issue (you are @copilot in this section)

Copilot AI linked an issue Apr 20, 2026 that may be closed by this pull request
[aw-failures] AI Moderator (Codex): chatgpt.com blocked by firewall #27412
Closed
@pelikhan pelikhan closed this Apr 20, 2026
Copilot stopped work on behalf of pelikhan due to an error April 20, 2026 19:35
The session was cancelled by the user.
Copilot AI requested a review from pelikhan April 20, 2026 19:35
@github-actions github-actions Bot deleted the copilot/aw-failures-fix-chatgpt-connection branch April 28, 2026 03:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pelikhan pelikhan Awaiting requested review from pelikhan

Copilot code review Copilot Awaiting requested review from Copilot Copilot will automatically review once the pull request is marked ready for review

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[aw-failures] AI Moderator (Codex): chatgpt.com blocked by firewall

2 participants

@pelikhan